
CVSS: 6.6 • EPSS: 0% • CPEs: 5 • EXPL: 0

05 Feb 2025 — Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user. • https://www.dell.com/support/kbdoc/en-us/000281275/dsa-2025-071-security-update-for-dell-avamar-for-multiple-component-vulnerabilities • CWE-672: Operation on a Resource after Expiration or Release

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

04 Feb 2025 — Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10, contain a Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to information tampering. • https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities • CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

01 Feb 2025 — Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability, leading to escalation of privilege. • https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities • CWE-1220: Insufficient Granularity of Access Control

CVSS: 7.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

01 Feb 2025 — Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service. • https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities • CWE-29: Path Traversal: '\..\filename'

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

01 Feb 2025 — Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service. • https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities • CWE-121: Stack-based Buffer Overflow

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

30 Jan 2025 — Dell NetWorker, versions prior to 19.11.0.3, all versions of 19.10 and prior versions, contain an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution. • https://www.dell.com/support/kbdoc/en-us/000278811/dsa-2025-064-security-update-for-dell-networker-networker-virtual-edition-and-networker-management-console-multiple-component-vulnerabilities • CWE-428: Unquoted Search Path or Element

CVSS: 8.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

30 Jan 2025 — Dell Networking Switches running Enterprise SONiC OS, versions prior to 4.4.1 and 4.2.3, contain an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure. • https://www.dell.com/support/kbdoc/en-us/000278568/dsa-2025-057-security-update-for-dell-enterprise-sonic-distribution-vulnerability • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 7.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Jan 2025 — Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly privilege escalation. • https://www.dell.com/support/kbdoc/en-us/000267927/dsa-2025-033 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CVSS: 6.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Jan 2025 — Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion. • https://www.dell.com/support/kbdoc/en-us/000267927/dsa-2025-033 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Jan 2025 — Dell VxRail, versions 8.0.000 through 8.0.311, contain a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. • https://www.dell.com/support/kbdoc/en-us/000269958/dsa-2025-025-security-update-for-dell-vxrail-for-multiple-vulnerabilities • CWE-256: Plaintext Storage of a Password